Privacy Policy for QSS eID

Data protection conditions for the QSS eID browser extension for authentication and digital signing

1. Scope
   1.1. This privacy policy applies to the QSS eID browser extension for authentication and digital signing. 1.2. The data subject (hereinafter "the user") is a natural person who uses the QSS eID browser extension for authentication and digital signing.
2. Data Processing
   2.1. The QSS eID extension acts as a bridge between websites and the QSS eID native application installed on the user's device. The extension itself does not collect, store, or transmit any personal data to QSS or any third parties. 2.2. When authenticating or signing at an e-service using the QSS eID extension, the following data is transmitted directly to the e-service selected by the user:
   The user's certificate for authentication or signing
   The URL of the website origin (for authentication)
   Digital signature (when signing documents)
   2.3. All cryptographic operations (PIN entry, signing) occur locally within the QSS eID native application and the user's smart card. The browser extension does not have access to PIN codes or private keys.
3. Data Storage
   3.1. QSS does not store, collect, or have access to any user data processed through the QSS eID extension. 3.2. No analytics, telemetry, or tracking is performed by the extension.
4. Third-Party Services
   4.1. The extension does not send data to any third-party services. Data is only transmitted to the e-service that the user explicitly chooses to authenticate with or sign documents for.
5. Contact
   For questions regarding this privacy policy, contact: [email protected]